Commentaries and Analyses – Page 121

ARx Patient Solutions and ARx Patient Solutions Pharmacy notify patients of a March, 2022 breach

Posted on July 3, 2023 by Dissent

ARx Patient Solutions and its affiliate pharmacy, ARx Patient Solutions Pharmacy, have issued a press release about a data breach affecting patient data. Their notice states, “It was determined that in March 2022, an employee email account was compromised and accessed by an unauthorized third party.” The types of patient information that may have been…

Breach Victims Have Standing When Data Misused, 1st Circuit Says

Posted on July 1, 2023 by Dissent

Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…

I had been chatting with a blackhat. They had been working with a whitehat. We were both dealing with the same person.

Posted on June 30, 2023June 6, 2025 by Dissent

On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously…

Costs of some 2022 ransomware attacks: Whitworth University hit with federal lawsuit, Little Rock School District tallies its costs

Posted on June 29, 2023 by Dissent

Whitworth University may start experiencing more legal costs stemming from a ransomware attack in 2022. Kip Hill reports: A Whitworth University student is asking a federal judge to approve a class action against the school for damages stemming from a ransomware attack discovered in July 2022 that affected more than 65,500 people. The lawsuit, filed…

Barrow County notifies people of a breach that began more than a year ago

Posted on June 29, 2023 by Dissent

Barrow County in Georgia issued a breach notice about a breach of its email environment that occurred between March and August of 2022. Its notification, posted on its website, states, in part: The type of information at issue varied for each individual, but included a variation of the following: name; date of birth, Social Security…

HHS Office for Civil Rights Settles HIPAA Investigation with iHealth Solutions Regarding Disclosure of Protected Health Information on an Unsecured Server for $75,000

Posted on June 28, 2023 by Dissent

HHS has announced another Security Rule enforcement action. This one involves iHealth Solutions (dba Advantum Health), a business associate. The incident involved an unsecured server where protected health information of patients was exfiltrated. The iHealth incident had been discovered by Kromtech Security and was first reported by DataBreaches on May 9, 2017. On May 10,…